Security Encyclopedia

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) is an agency of the US Department of Commerce promoting best practices, innovation, and industrial competitiveness. NIST recommendations serve as a foundation for how federal agencies adopt, and promote the adoption of, technologies and processes.

NIST recommendations, while not binding in the private sphere, nonetheless indicate the course US and global industry is taking in areas including information technology (IT), engineering, research, materials use, and measuring.

With respect to technology in the public and private spheres, NIST holds considerable influence. Its guidelines help even the largest and best-resourced enterprises navigate the evolutionary changes in engineering and applied sciences. A prime example came in mid-2016, when NIST signaled it would soon deprecate SMS-based two-factor authentication (2FA) based on vulnerabilities in SS7, the protocol enabling communication between different telecommunications carriers. As a result of NIST’s pronouncement, SMS-based 2FA is no longer regarded as secure, and push notification 2FA is deemed a viable successor.

How are Authentication Methods Attacked?

Find out how user authentication methods vary in terms of security level. The NIST Authentication Attack Matrix heat-maps known security threats against various modalities. It is offered to arm executives and security practitioners with added knowledge on which to base critical authentication sourcing decisions.

NIST Authentication Attack Matrix


"Since NIST deprecated SMS 2FA, the security industry started abandoning the practice en masse. It's as if when NIST sneezes, the RSAC exhibitor hall catches a cold."